Hi Stefan,

On 01/10/16 00:35, Stefan Paletta wrote:
> I have one question about the proposal: what is the rationale and
> justification for the one-year minimum distrust?

The determination of the action to take in any particular case takes
account of precedent (e.g. CNNIC) and our understanding of
proportionality, and what would be best in order to see a proper
remediation. This time period, which is part of the proposal (and note that it
is still a proposal), was chosen because I currently believe that WoSign
would need to make significant technical changes (and perhaps other
sorts of changes) in order to pass a full security audit from a code
auditor. If the time period before the possibility of re-enablement was
too short, there might be a temptation to rush this process, which would
be in nobody's interest.

Gerv
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
